13-17
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter13 Configuring RADIUS and TACACS+ Servers
Configuring and Enabling RADIUS
For a complete list of RADIUS attributes or more information about VSA26, see the RADIUS guides
at the following URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/security/config_library/12-4t/secuser-12-4t-library.html
Configuring the Access Point for Vendor-Proprietary RADIUS Server Communication
Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary
information between the access point and the RADIUS server, some vendors have extended the RADIUS
attribute set in a unique way. CiscoIOS software supports a subset of vendor-proprietary RADIUS
attributes.
As mentioned earlier, to configure RADIUS (whether vendor-proprietary or IETF draft-compliant), you
must specify the host running the RADIUS server daemon and the secret text string it shares with the
access point. You specify the RADIUS host and secret text string by using the radius-server global
configuration commands.
Beginning in privileged EXEC mode, follow these steps to specify a vendor-proprietary RADIUS server
host and a shared secret text string:
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 radius-server vsa send [accounting |
authentication]
Enable the access point to recognize and use VSAs as defined by RADIUS
IETF attribute 26.
(Optional) Use the accounting keyword to limit the set of recognized
vendor-specific attributes to only accounting attributes.
(Optional) Use the authentication keyword to limit the set of
recognized vendor-specific attributes to only authentication attributes.
If you enter this command without keywords, both accounting and
authentication vendor-specific attributes are used.
Step3 end Return to privileged EXEC mode.
Step4 show running-config Verify your settings.
Step5 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 radius-server host {hostname | ip-address} non-standard Specify the IP address or host name of the remote
RADIUS server host and identify that it is using a
vendor-proprietary implementation of RADIUS.